// THIS IS KEY! Without it, there is no way to exchange for a long-lived // access token // this is short-lived access token returned from Facebook at OAuth // authentication module
String accessToken = ssoToken.getProperty
(OAuthParam.SESSION_OAUTH_TOKEN);

Tuesday, October 20, 2015

In OpenAM 12, one of the new features released was Social Authentication made-easy.

Social Authentication

Log in to an OpenAM protected resource by using your existing social website credentials. OpenAM supports Facebook, Google, Microsoft, or any other OpenID Connect 1.0 compliant identity provider.

OpenAM administrator can easily configure Social Authentication via the Common Tasks tab.

And the respectively Social Login logos will auto-magically appear on the default OpenAM Login Page, without any customization. Wow!

Yes, it did wow-ed one of my customers when some pre-sales presented this feature during selling/POC.

Side note: You'll be quite amazed the decision makers here are easily wow-ed by UI experience, rather than comparing products technically. (Few years ago, I did mentioned about the hard selling of OpenIDM without a proper UI. These days, it's much easier to sell with the launch of UI in OpenIDM 3.x.)

Back to our original topic, what's the catch?

Read again:

Social Authentication

Log in to an OpenAM protected resource by using your existing social website credentials. OpenAM supports Facebook, Google, Microsoft, or any other OpenID Connect 1.0 compliant identity provider.

So during project implementation, this particular customer wants to have LinkedIn "auto-magically" appear on the Login Page as this was what he requested then.

Technically, to configure via the "short-cut" in Common Tasks tab is impossible. That's what I have to admit to Mr Customer. This is because LinkedIn does not currently supports OpenID Connect.

There is, however, workaround which I have researched for him and made it work for him.

OpenAM is very flexible to tweak around. But of course, some investment in time are required.